CVE-2016-4016

Name of the Vulnerable Software and Affected Versions SAP Manufacturing Integration and Intelligence versions 15

Description The issue is related to a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML. This is achieved via the title parameter to the "webdynpro/resources/sap.com/xappsxmiiuiadminnavigation/NavigationApplication" API endpoint.

Recommendations For version 15, update to a version that includes the fix for SAP Security Note 2201295 to resolve the issue.